[de] Authentication information (solved)

Topics: Technical Support
Oct 14, 2013 at 12:07 PM
Hello,

First of all: great work that you are doing here. Zyan is really highly recommended; I/we are totally thrilled at how easily one can build a communication basis for client-server applications with it. I keep asking myself: how was this even possible before Zyan ;-)

But now to my problem: I have finished simple authentication scenarios, and they work.

Now, however, I need the following functionality:

1.) The server should be able to find out/detect the IP from which the client logs on
2.) I would like to cache the permissions of a user that are valid at logon, so that I can then query them in the modules (which are all loaded via MEF). Reading the user name and then checking against the database which permissions the user has seems to me to perform very poorly

Sessions are pointed out here again and again. But since I use the following for the modules:
If catalog.Parts.Count > 0 Then
    For Each obj As Object In catalog.Parts
        NLOGLOGGER.Debug("=>MEF: " & obj.ToString)
    Next
    ' Register the 'MEF modules'
    HostInstance.RegisterComponents(catalog)
Else
    NLOGLOGGER.Debug("=>MEF: No additional Modules found!")
End If
I can't add any further parameters for some SessionManager there.

Could someone give me a few tips on where I need to put which code, so that the server knows from the session information which methods it may execute and which not?

Thank you very much
Coordinator
Oct 15, 2013 at 9:33 PM
Edited Oct 15, 2013 at 9:51 PM
Hi!
 
First of all: great work that you are doing here.
 
Thanks!
 
The server should be able to find out/detect the IP from which the client logs on
 
If you need to get the client's IP address during normal method execution (i.e. when the user is already logged on), use ServerSession.CurrentSession.ClientAddress. But if you need to get the IP address of an unauthenticated user during the IAuthenticationProvider.Authenticate method call, use the AuthRequestMessage.ClientAddress property:
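using System;
using System.Security.Principal;
using Zyan.Communication.Security;

// Demo provider: logs the caller's address and accepts every logon request
public class IPBasedAuthenticationProvider : IAuthenticationProvider
{
    public AuthResponseMessage Authenticate(AuthRequestMessage authRequest)
    {
        // address of the not yet authenticated caller, as seen by the server
        Console.WriteLine("Authenticating... IP address: {0}", authRequest.ClientAddress);

        // no credential check here: every caller gets an anonymous identity
        return new AuthResponseMessage()
        {
            Success = true,
            AuthenticatedIdentity = WindowsIdentity.GetAnonymous()
        };
    }
}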
Please note that this feature is not in production yet.
You need to build Zyan from the latest sources to get ClientAddress property.
 
I would like to cache the permissions of a user that are valid at logon, so that I can then query them in the modules (which are all loaded via MEF).
 
You can use session variables to cache the user's permissions as well as other session-specific data. Load them once from the database, store them in the current session and query them whenever you need to check permissions. Here is an example:
// note that current session is not yet available during the Authenticate method call
var currentSession = ServerSession.CurrentSession;

// load current user's permissions from the database by user name
var userPermissions = LoadFromDatabase(currentSession.Identity.Name);

// cache permissions in the current session
currentSession.SessionVariables["Permissions"] = userPermissions;

// access loaded permissions somewhere else
var permissions = currentSession.SessionVariables["Permissions"] as UserPermissions;
// deny access when nothing is cached or the cached value has another type
if (permissions == null || !permissions.Check(somePermission))
{
    throw new InvalidOperationException("Access denied.");
}
DoSomethingThatRequiresPermissions(...);
Let me know if this helps.
Marked as answer by MyKey0815 on 10/26/2013 at 3:56 AM
Oct 16, 2013 at 8:07 AM
Hello yallie,

thank you for your fast response. I understand the technique, but I have some problems implementing it.

I use a client-server application. In which place do I implement the session code? On the client or on the server?

Can I use the method if I use singleton instances of my server-side code?
Coordinator
Oct 17, 2013 at 11:22 AM
In which place do I implement the session code? On the client or on the server?
 
This code should be server-side, hence the class name: ServerSession.
If you need to check permissions on the client-side, you may need to cache permissions as well.
But, client-side caching is trivial because there you only have data from one client.

Also, on the client-side you can use call interception to implement transparent data caching.
Call interception is available since the 2.0 release of Zyan.
Please search this document for 'call interception' to see usage examples.
 
Can I use the method if I use singleton instances of my server-side code?
 
Sure, why not.
Oct 26, 2013 at 11:58 AM
Sorry for taking so long to reply. But I had a strange problem in my project, so I put this feature later in my timeline :-)

Today I have time to check and try it out, and it works fine.

Now I can protect my functions in the usual way.

Thanks yallie for your work and support
Coordinator
Oct 26, 2013 at 1:27 PM
That's great!

Glad it helped.
Jul 28, 2014 at 11:43 AM
Hello,

it didn't work for me, because the parameter authRequest doesn't know the property ClientAddress. Its only property is Credentials.

Any solution?

Thanks,
ZyanWebProject
Coordinator
Jul 29, 2014 at 5:52 AM
Hi,

This feature is a part of the upcoming release 2.6.
Please wait until it's published or just download the latest source code of Zyan and build it yourself.
The download link for the sources is located on the SOURCE CODE tab.

Regards, Alex
Jul 29, 2014 at 9:51 AM
I got it now, the only problem is that authRequest.ClientAddress always returns 127.0.0.1, even if I'm accessing the web server that communicates with the server (zyan) through the network instead of from the same machine the server is running on. I have exactly this code:

server:
namespace ZyanTest.Server
{
    class Program
    {
        static void Main(string[] args)
        {
            HttpCustomServerProtocolSetup protocolSetup = new HttpCustomServerProtocolSetup(35080, new IPBasedAuthenticationProvider(), true);
            ZyanComponentHost host = new ZyanComponentHost("ZyanTestHost", protocolSetup);

            host.RegisterComponent<ILoginComponent, LoginComponent>(ActivationType.SingleCall);
            host.RegisterComponent<IAuthenticationProvider, IPBasedAuthenticationProvider>(ActivationType.SingleCall);
            Console.WriteLine("Server started! Waiting for requests...");
            Console.Read();
        }
    }
[...]
    public class IPBasedAuthenticationProvider : IAuthenticationProvider
    {
        public AuthResponseMessage Authenticate(AuthRequestMessage authRequest)
        {
            Console.WriteLine("Authenticating... IP address: {0}", authRequest.ClientAddress);

            return new AuthResponseMessage()
            {
                Success = true,
                AuthenticatedIdentity = WindowsIdentity.GetAnonymous()
            };
        }
    }
}
client:
namespace ZyanTest.Client.Modules.Login
{
    public partial class Login : System.Web.UI.Page
    {
        ILoginComponent proxy;

[...]

        protected void Page_Load(object sender, EventArgs e)
        {
            HttpCustomClientProtocolSetup protocolSetup = new HttpCustomClientProtocolSetup(true);
            Hashtable credentials = new Hashtable();
            credentials.Add("username", "testuser");
            credentials.Add("password", "testpw");

            ZyanConnection connection = new ZyanConnection(System.Configuration.ConfigurationManager.AppSettings["ZyanTestHost"], protocolSetup, credentials, false, true);
            proxy = connection.CreateProxy<ILoginComponent>();
        }
    }
}
The credentials used are just for testing purposes.

Thanks in advance,
ZyanWebProject
Jul 29, 2014 at 1:01 PM
Hello,

I managed to get the client IP address by testing a few methods. Only one method gave me the IP:

client:
            IEnumerable<string> test = GetAddresses();
            credentials.Add("ipaddr", Request.UserHostAddress);
server:
Console.WriteLine("Authenticating... IP address: {0}", authRequest.Credentials["ipaddr"]);
I also checked if the user could attack that, but the user doesn't get anything of that because it's server-side. Maybe it's only a workaround, but it works well!

Regards,
ZyanWebProject
Coordinator
Jul 29, 2014 at 7:08 PM
Hi,
the only problem is that authRequest.ClientAddress always returns 127.0.0.1
That's very strange. Looks like a bug. I'll check it out, thanks for reporting!
Request.UserHostAddress
I guess it's Http-channel specific... AuthRequest.ClientAddress should work for all channels.
Anyway, will look into it.

Regards, Alex
Coordinator
Jul 30, 2014 at 6:48 AM
I just re-read your post carefully.
 
authRequest.ClientAddress always returns 127.0.0.1, even if I'm accessing the web server that communicates with the server (zyan) through the network instead of from the same machine the server is running on
 
Is your website running on the same machine as server?
If yes, then everything works as intended.

AuthRequestMessage.ClientAddress is not the address of your web client accessing the site.
It's the address of the website itself, from the point of view of the server.
 
I managed to get the client IP address by testing a few methods. Only one method gave me the IP:
 
That's the IP address of a web site user's machine. Is that what you needed?
It's not a workaround then, it's the only way to actually get it.
 
Regards, Alex
Jul 30, 2014 at 10:49 AM
Hi Alex,

Yes, after recognising that the communication between the client and the web server is not encrypted, I also noticed that this will be the only way to get it. I didn't take care of the fact that the client itself (who accesses the web server at the front-end) is an extra station added to the setup built up with the Zyan Framework. To illustrate what I'm talking about I created the following images.

Usual client <-> server structure with Zyan Framework:
Image

This setup:
Image

You're totally right: getting the IP address 127.0.0.1 if the web server runs on the same machine is as it should be.
So to people that use the setup I'm using: Put the client's IP address in a session / credential variable and pass it from the web server to the application server to get the IP address you really want.

Thank you very much!
Marcel
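
Added example (not part of the original thread and not Zyan project code): one way the application server could consume the relayed address described above. The "ipaddr" credential is honored only when the direct peer, as reported by AuthRequestMessage.ClientAddress, is a known web front-end, and the relayed text is parsed before use. The class name, the Resolve method and the front-end list are assumptions; "ipaddr" is the credential key used in the thread, and ClientAddress is assumed to be a plain IP string.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Net;

// Hypothetical helper (not part of Zyan): decides which address to record
// for a logon when a web front-end relays the browser's IP as a credential.
public static class ForwardedClientAddress
{
    // Assumption: addresses of the web servers allowed to relay "ipaddr".
    static readonly HashSet<IPAddress> TrustedFrontEnds = new HashSet<IPAddress>
    {
        IPAddress.Loopback,            // web site on the same machine (127.0.0.1)
        IPAddress.Parse("10.0.0.5"),   // constructed sample front-end address
    };

    // peerAddress: what the server observes itself (authRequest.ClientAddress).
    // credentials: the Hashtable sent by the connecting client.
    // From Authenticate: Resolve(authRequest.ClientAddress, authRequest.Credentials)
    public static IPAddress Resolve(string peerAddress, Hashtable credentials)
    {
        IPAddress peer;
        if (!IPAddress.TryParse(peerAddress, out peer))
            return null;               // peer unknown: caller should reject the logon

        // Only a trusted front-end may speak for another machine.
        if (!TrustedFrontEnds.Contains(peer))
            return peer;               // any relayed value is ignored

        var relayed = credentials == null ? null : credentials["ipaddr"] as string;
        IPAddress forwarded;
        // The relayed value is untrusted text until it parses as an address;
        // fall back to the observed peer when it is missing or malformed.
        return IPAddress.TryParse(relayed, out forwarded) ? forwarded : peer;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        var relayedOk = new Hashtable { { "ipaddr", "203.0.113.7" } };
        var relayedBad = new Hashtable { { "ipaddr", "not-an-address" } };

        Console.WriteLine(Resolve("127.0.0.1", relayedOk));     // trusted front-end
        Console.WriteLine(Resolve("198.51.100.9", relayedOk));  // direct, untrusted peer
        Console.WriteLine(Resolve("127.0.0.1", relayedBad));    // malformed relayed value
    }
}
```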
Coordinator
Jul 30, 2014 at 2:23 PM
Great images! :)
I'll borrow them to illustrate the web project sample, if you don't mind.
Jul 30, 2014 at 2:27 PM
Thanks, you may use them for anything you want.
I will also provide you (or the discussion board of Zyan Framework) with some developments that could be interesting for anybody.

Regards,
Marcel
Coordinator
Jul 30, 2014 at 2:34 PM
Thanks Marcel!
It will be greatly appreciated!